Random in Security 202349

Covering the recent security news

Introduction

Random in Security is a summary of the cybersecurity news.

Vulnerabilities

LogoFAIL: Security Implications of Image Parsing During System Boot

The paper discusses the security implications of image parsing during system boot and how it can be exploited by attackers to gain unauthorized access to the system. The authors demonstrate several attacks that can be launched using image parsing, including logo manipulation, firmware vulnerabilities, and bootloader attacks.

CVE-2022-1471 - Remote Code Execution in SnakeYAML

This vulnerability has a CVSSv3 rating of 9.8. It was released in 2022 and has reemerged in the Atlassian "December 2023: Security Advisories Overview". Apache Submarine was also affected, and the ticket SUBMARINE-1371 even contains a curl request to trigger the vulnerability.

Interesting Reads

Inside Job: How a Hacker Helped Cocaine Traffickers Infiltrate Europe’s Biggest Ports - OCCRP

The article discusses how criminal groups have found new ways to smuggle drugs into Europe through commercial ports, using digitalization and automation to their advantage. A Dutch hacker named Davy de Valk was hired by drug traffickers to infiltrate the IT systems of major ports in Europe, providing intel on how to move drugs undetected. The initial access vector was a USB stick for a port employee, who would insert the stick to infect a computer. The article provides a detailed chronology of the hack. De Valk was eventually caught and sentenced to 10 years in prison.

CyberCrime & Doing Time: China continues Pig-Butchering Crack-down

The article highlights the efforts of the Yiyuan County Police in Shandong Province, who have been successful in tracking down and arresting key members of a fraud syndicate. The task force has been able to seize large amounts of money and assets from the criminals, and its work has also led to the arrest of key leaders of the gang. Relevant references in the article are @CyberScamWatch and @johnwSEAP.

Tools

changedetection.io

Web Site Change Detection, Restock monitoring and notifications.

twistrs

A domain name permutation and enumeration library powered by Rust.

Some additional details are available in this thread.